Christian Zartl, BSc

Private blog and WWW page

Christian Zartl, BSc

Christian Zartl, BSc - Private blog and WWW page

How to configure Auto-Updates on Linux Ubuntu Servers

If you install Ubuntu you get asked if you want to install security updates automatically. This is a nice feature, but you can even configure your new setup to install all updates you want without intervention and letting you know via email.

When you select to install auto-updates, then you will have the correct package already. Otherwise you have to install it first:

sudo apt-get install unattended-upgrades
[sudo] password for atcz01admin:
Reading package lists... Done
Building dependency tree
Reading state information... Done
unattended-upgrades is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

As you can see, I had it installed already. Now you can edit your configuration:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

As mentioned in my last blog post, you can use any text editor you like, but for me nano is the easiest one. So check for the following part:

// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
        "Ubuntu lucid-updates";
};

updates will most probably be commented out, so remove the // or # if you would like to install all current updates automatically. Now you can configure email notifications by editing the following part:

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "c.zartl@***.com";

Just change it to your email address. To be able to send emails from your fresh Ubuntu install, you will need to install and configure Postfix first:

sudo apt-get install postfix

Postfix package installation and configuration
This configuration depends on how you want to send emails, if you have a running mail server already and so on, so I won't go into much detail here. If you do something wrong or forget a setting, just run:

sudo dpkg-reconfigure postfix

Still there is one general step left you should do: set the correct sender. First edit main.cf:

sudo nano /etc/postfix/main.cf

Simply add the following lines:

# Set correct sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical

Now you have to create this senders file:

sudo nano /etc/postfix/sender_canonical

For me the file looks like this:

root sugar@***.com
atcz01admin sugar@***.com

First you provide the name of the user you want to set a sender email address. Then, seperated by a space, add the email address you want to use for this person.

Finally run the following command:

sudo postmap /etc/postfix/sender_canonical

And reload the Postfix configuration:

sudo /etc/init.d/postfix reload
 * Reloading Postfix configuration...

At last you will have to install mailutils:

sudo apt-get install mailutils

Now you can send a test mail if you like:

sudo nano testmail.txt

Type any text you like here, close the file, and send it:

mail -s "Test" c.zartl@***.com < testmail.txt

Finally go back to the configuration file:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

You can also configure to auto-remove old dependencies:

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

At last set the update schedule:

sudo nano /etc/apt/apt.conf.d/10periodic

Here is my config:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Kategorie: Howtos

Hinterlasse einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Pflichtfelder sind markiert *

*